Burp Extensions

This one is for you web penetration testers! This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one. It analyzes all the parameters in your in-scope traffic and …

Burp BS… where the “BS” stands for BeanShell. “What on earth is BeanShell?” you may ask? BeanShell is a very old Java library that was designed to build scripts in Java (full details on www.beanshell.org). It never really caught on for general use because the Java language is designed from the ground up to be …

Start 2015 right with a free web session to learn all about the Burp CO2 plugin! This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of …

It seems that Spring is “prime time” for security professionals in the Carolinas, and Charlotte seems to be at the center of it at least geographically if not organizationally. This year started with the 10th Annual InfoSec Summit organized by ISSA Charlotte. This was a successful year for the summit, bringing together more security professionals …

Secure Ideas is excited to announce its latest upcoming online training. We will be offering a two-hour session exploring advanced topics related to Burp Suite and its use in a web application penetration test. Kevin Johnson and James Jardine will explore the various features of Burp Suite, focusing on how we use the system during our penetration …

I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 (download): The “Name Mangler”. Ever found yourself working on a web pen test for an organization where you have gathered a list of users and suspect a username harvesting vulnerability but have not yet worked out the username format …